package com.orion.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * https://blog.csdn.net/qq_41302594/article/details/105441364
 * @author Administrator
 * @date 2021/8/26
 */
@Configuration
public class DoubleLoginSecurityConfig {

    @Configuration
    @Order(2)
    public static class UserSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            //多HttpSecurity配置时必须设置antMatcher，除最后一个外，因为不设置的话默认匹配所有，就不会执行到下面的HttpSecurity了
            http.antMatcher("/doubleLogin/user/**")
                    .authorizeRequests()
                    .antMatchers("/css/doubleLogin/user/**").permitAll()
                    .antMatchers("/js/doubleLogin/user/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin().loginPage("/doubleLogin/user/login").permitAll()
                    .usernameParameter("uname")
                    .passwordParameter("pwd")
                    .defaultSuccessUrl("/doubleLogin/user/index")
                    .and()
                    .logout().logoutUrl("/doubleLogin/user/logout").permitAll().logoutSuccessUrl("/doubleLogin/user/login")
                    .and().
                    csrf().disable();
        }
    }

    @Configuration
    @Order(3)
    public static class AdminSecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/doubleLogin/admin/**").authorizeRequests()
                    .antMatchers("/css/doubleLogin/admin/**").permitAll()
                    .antMatchers("/js/doubleLogin/admin/**").permitAll()
                    .anyRequest().authenticated()
                    .and()
                    .formLogin().loginPage("/doubleLogin/admin/login").permitAll()
                    .usernameParameter("uname")
                    .passwordParameter("pwd")
                    .defaultSuccessUrl("/doubleLogin/admin/index")
                    .and()
                    .logout().logoutUrl("/doubleLogin/admin/logout").permitAll().logoutSuccessUrl("/doubleLogin/admin/login")
                    .and().
                    csrf().disable();
        }
    }
}
